In addition, the economic tailspin of the last few years has highlighted the range of risks -- including financial, regulatory, reputational, credit and IT -- to which companies are vulnerable.

Many companies increasingly view risk management as more than a compliance exercise, and instead integral to a company's culture, indicates. The study, "Risk Intelligent Proxy Disclosures 2011: Have risk-oversight practices improved?" found that almost all -- 90% -- of companies disclosed that the entire board of directors is responsible for risk. Moreover, in 89% of companies, risk oversight was handled by a range of board committees, rather than being the sole responsibility of the audit committee. "Companies are progressing in their risk management thinking," says Maureen Errity, firm director and a specialist in governance with Deloitte LLP.

Errity and her colleagues launched the survey in 2010 with a desire to know whether companies were embedding risk management within their culture, so that everyone from board members to front-line employees played a role in identifying, assessing and managing risk. Risk management should be a process which flows both from the executive suite, as well as rank-and-file employees, Errity says.

To determine this, Deloitte reviewed risk governance and oversight practices at the board level, as disclosed in proxy statements ?led by the S&P 200. The review was from the perspective of an investor or other stakeholder, with the goal of evaluating the companies' risk governance and oversight practices.

In general, companies risk management practices, as disclosed in the proxy statements, improved modestly between 2010 and 2011. For instance, in 2011, 88 percent of companies indicated that board committees other than the audit committee were involved in risk oversight, up from 82% in 2010. Similarly, in 2011, 45% of disclosures indicated that the company's risk management was aligned with its strategy; the number was 39% in 2010.